Re: [TLS] ESNI and Multi-CDN

"Salz, Rich" <rsalz@akamai.com> Wed, 19 December 2018 19:33 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, Ben Schwartz <bemasc@google.com>
CC: "<tls@ietf.org>" <tls@ietf.org>
Date: Wed, 19 Dec 2018 19:33:14 +0000
Message-ID: <6D73D8B3-94E8-4677-B977-699D8480E258@akamai.com>
References: <CAHbrMsCDR4oQzJhkcF05+wSKEoDEnACLH8D-os34xoNE9hyWHQ@mail.gmail.com> <20181218211435.GB592@LK-Perkele-VII> <CAHbrMsAVNua0TDinVZr7zaO5R_MYSOVwzKDvb1GzeXXvgRJQ9g@mail.gmail.com> <20181218214928.GD592@LK-Perkele-VII> <8ED2A93D-3FC8-43C6-A15D-008F0890DEF4@akamai.com> <20181219112748.GA6681@LK-Perkele-VII> <CAHbrMsD1u3pnOfwTvMUnTzvrOtnrups7O1Owf1wYd3W+OtWwdA@mail.gmail.com> <20181219192343.GA16574@LK-Perkele-VII>
In-Reply-To: <20181219192343.GA16574@LK-Perkele-VII>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5sdjZheMigXy_jPszazs03CWNec>
Subject: Re: [TLS] ESNI and Multi-CDN
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

> At least the client can tell the result is not going to work and
> disable ESNI. Whereas with addresses there is no indication anything
> is wrong, leading to potentially unrecoverable failure.

So on the one hand, fallback to public ESNI seems likely and on the other hand, communication fails.  Not much difference?